This tool passively monitors network activity to identify communication patterns of malware-infected computers within the network, making it easier to detect and address security threats.
BotHunter's primary purpose is to help you track the two-way communication flows between external entities and internal assets by developing a comprehensive evidential trail of data exchanges that match a state-based infection sequence model. To achieve this, the software consists of a powerful correlation engine that is driven by a customized and augmented release of Snort version 2.
This enables BotHunter to track the underlying actions that occur during the malware infection process, including inbound scanning, egg downloading, exploit usage, outbound bot coordination dialog, outbound attack propagation, and malware P2P communication. The BotHunter correlator then ties together the entire trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of a successful local host infection.
Whenever a sequence of evidence matches BotHunter's infection dialog model, the software produces a consolidated report summarizing all the relevant events and event sources that played a role in the infection. This makes it a useful tool for understanding the life cycle of malware infections, both in experimental operational deployments and as a basis for research.
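To make the dialog-correlation idea concrete, here is an added example (written for this page, not BotHunter's own code) of a minimal state-based infection-sequence correlator. It assumes a constructed, pipe-separated alert format (`timestamp|internal host|external peer|stage|detail`), uses the labels E1..E5 as shorthand for the dialog stages the page names, and applies a simplified declaration rule that is an assumption for illustration (an inbound exploit plus any outbound sign, or two distinct outbound signs, within an assumed evidence window); the real product's thresholds and Snort-driven sensors are not reproduced here.

```python
"""
Added example: a toy infection-dialog correlator in the spirit of the page's
description. Not BotHunter code; the stage labels, alert format, window and
declaration rule are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Dialog stages named on the page; the E1..E5 labels are our own shorthand.
STAGES = {
    "E1": "inbound scanning",
    "E2": "inbound exploit usage",
    "E3": "egg (binary) download",
    "E4": "outbound bot coordination dialog",
    "E5": "outbound attack propagation / P2P communication",
}
OUTBOUND = {"E3", "E4", "E5"}


@dataclass
class Alert:
    ts: datetime
    host: str    # internal asset
    peer: str    # external entity
    stage: str   # key of STAGES
    detail: str


def parse_alert(line: str) -> Alert:
    """Parse one constructed alert line: ts|host|peer|stage|detail."""
    ts, host, peer, stage, detail = line.strip().split("|", 4)
    if stage not in STAGES:
        raise ValueError(f"unknown dialog stage {stage!r}")
    return Alert(datetime.fromisoformat(ts), host, peer, stage, detail)


def meets_declaration_rule(stages: set) -> bool:
    """Assumed, simplified rule: an inbound exploit (E2) plus at least one
    outbound sign, or two distinct outbound signs. A lone inbound scan or a
    single outbound dialog is not enough to declare a host infected."""
    outbound = stages & OUTBOUND
    return ("E2" in stages and bool(outbound)) or len(outbound) >= 2


def correlate(lines, window=timedelta(hours=4)):
    """Replay alerts in time order, keep a per-host evidence trail limited to
    `window`, and return a consolidated report for every host whose trail
    matches the infection dialog model."""
    alerts = sorted((parse_alert(l) for l in lines if l.strip()), key=lambda a: a.ts)
    evidence = {}   # host -> list of Alert still inside the window
    reports = {}
    for a in alerts:
        trail = [e for e in evidence.get(a.host, []) if a.ts - e.ts <= window]
        trail.append(a)
        evidence[a.host] = trail
        stages = {e.stage for e in trail}
        if meets_declaration_rule(stages):
            # Consolidated report: every event and source in the matching trail.
            reports[a.host] = {
                "host": a.host,
                "first_seen": trail[0].ts.isoformat(),
                "last_seen": trail[-1].ts.isoformat(),
                "stages": sorted(stages),
                "peers": sorted({e.peer for e in trail}),
                "events": [f"{e.ts.isoformat()} {e.stage} {STAGES[e.stage]}: {e.detail}"
                           for e in trail],
            }
    return reports


# Constructed sample alerts (documentation-range addresses, not real hosts).
SAMPLE_ALERTS = [
    "2024-03-01T08:00:00|10.0.0.20|198.51.100.7|E2|exploit attempt on tcp/445",
    "2024-03-01T09:00:00|10.0.0.5|198.51.100.7|E1|TCP port sweep against 10.0.0.5",
    "2024-03-01T09:00:10|10.0.0.5|198.51.100.7|E2|exploit attempt on tcp/445",
    "2024-03-01T09:00:40|10.0.0.5|203.0.113.9|E3|outbound HTTP fetch of an executable",
    "2024-03-01T09:02:00|10.0.0.5|203.0.113.10|E4|outbound IRC-style command channel",
    "2024-03-01T09:05:00|10.0.0.8|198.51.100.7|E1|TCP port sweep against 10.0.0.8",
    "2024-03-01T10:00:00|10.0.0.9|203.0.113.11|E4|single outbound coordination dialog",
    "2024-03-01T11:00:00|10.0.0.12|203.0.113.9|E3|outbound fetch of an executable",
    "2024-03-01T11:30:00|10.0.0.12|192.0.2.44|E5|outbound sweep of many hosts on tcp/445",
    "2024-03-01T14:00:00|10.0.0.20|203.0.113.9|E3|outbound fetch of an executable",
]

if __name__ == "__main__":
    for host, report in correlate(SAMPLE_ALERTS).items():
        print(f"== {host}: stages {report['stages']} via {report['peers']}")
        for line in report["events"]:
            print("   ", line)
```

In the sample, 10.0.0.5 (exploit followed by egg download and a command channel) and 10.0.0.12 (two distinct outbound signs) are declared, while the scanned-only host, the host with a single outbound dialog, and 10.0.0.20, whose exploit and download are six hours apart and so fall outside the evidence window, are not. The window is what keeps unrelated alarms from being stitched into a false infection trail; tuning it, and the declaration rule, is the main knob in any correlator of this shape.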
In summary, BotHunter is a software tool designed to help users track and monitor the two-way communication flows between external entities and internal assets. Its infection-dialog-based event correlation engine builds a comprehensive evidential trail of data exchanges that match a state-based infection sequence model. The software is available free of charge and is suitable for both experimental operational use and research.
Version 1.0.4: N/A